A flaw was found in Exiv2 0.26: the function Exiv2::Image::byteSwap2 in the image.cpp file has a heap-based buffer over-read. This allows attackers to cause a denial of service attack.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1577321]
Closing as NOTABUG.
The POC doesn't reach the byteSwap2 function. The reporter said that the POC was for Ubuntu 16.04, not RHEL.